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DETAILED ACTION 



Response to Amendment 



In view of the appeal brief filed on January 8, 2007, PROSECUTION IS HEREBY 
REOPENED. A new rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 
CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed by an 
appeal brief under 37 CFR 41 .37. The previously paid notice of appeal fee and appeal 
brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 
CFR 41 .20 have been increased since they were previously paid, then appellant must 
pay the difference between the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 
signing below: 



Gilberto Barron 



Supervisory Patent Examiner 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-9, 11, 14-17, and 19-30 are rejected under 35 U.S.C. 102(e) as being 
. anticipate by US patent 6,658,568 granted to Ginter et al. 

Regarding claim 1 , Ginter meets the claimed language as follows: 
"A computer-readable medium storing an electronic certificate data structure, the 
data structure comprising: 

content data specifying an attribute delegation from an identified issuer to a 
certificate subject, and 

an electronic signature of said issuer for confirming the content data; 

wherein the content data includes a. condition requiring that a particular subject 
must have a particular attribute in order for the delegation to be valid." see column 85, 
line 51 to column 88, line 6 and Figures 50A and 51F-51H. 

In the above quoted sections Ginter teaches a data structure (storage container) 
containing a certificate and conditions of use relating to the content data (see clumn 86, 
lines 15-34). Ginter further provides an example, see column 87, line 53 to column 88, 
line 6, where two publishers form a virtual entity that issue certificates to consumers 
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allowing the consumers to perform certain functions. Clearly from these sections Ginter 
discloses the "data structure" of independent claim 1. 

Regarding claim 2, Ginter meets the claimed language as follows: 
"A computer-readable medium according to claim 1, wherein said certificate 
subject is generically any subject whereby said attribute is delegated to any subject 
capable of showing said condition to be satisfied, the particular subject of said condition 
being explicitly identified in the content data." see column 85, line 51 to column 88, line 
6 and Figures 50A and 51 F-51 H. 

Regarding claim 3, Ginter meets the claimed language as follows: 
"A computer-readable medium according to claim 1, wherein said certificate 
subject is specifically identified in the content data." see column 85, line 51 to column 
88, line 6 and Figures 50Aand 51 F-51 H. 

Regarding claim 4, Ginter meets the claimed language as follows: 
"A computer-readable medium according to claim 3, wherein said particular 
subject is not separately specified but is implicitly said specifically-identified certificate 
subject." see column 85, line 51 to column 88, line 6 and Figures 50A and 51 F-51 H. 

Regarding claim 5, Ginter meets the claimed language as follows: 
"A computer-readable medium according to claim 3, wherein said particular 
subject is explicitly identified." see column 85, line 51 to column 88, line 6 and Figures 
50Aand 51 F-51 H. 

Regarding claim 6, Ginter meets the claimed language as follows: 
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"A computer-readable medium according to claim 1, including multiple said 
conditions in predetermined logical relationship." see column 85, line 51 to column 88, 
line 6 and Figures 50A and 51 F-51 H. 

Regarding claim 7, Ginter meets the claimed language as follows: 
"A computer-readable medium according to claim 6, wherein said logical 
relationship is not explicitly but is explicitly stated." see column 85, line 51 to column 88, 
line 6 and Figures 50A and 51 F-51 H. 

Regarding claim 8, Ginter meets the claimed language as follows: 
"A computer-readable medium according to claim 6, wherein said logical 
relationship is not explicitly but is implicitly an AND relationship." see column 85, line 51 
to column 88, line 6 and Figures 50A and 51 F-51 H. 

Regarding claim 9, Ginter meets the claimed language as follows: 
"A computer-readable medium according to claim 1, wherein said content data 
further includes certificate validity data concerning at least one of: 

a date range identifying the period over which the certificate is valid: 

the location of a certificate revocation list that should be checked before the 
certificate is used; 

the location where a one-time use permission can be obtained or the certificate 
re-validated; 

said content data being structured into fields with the validity data and said 
condition or conditions being held in the same field." see column 85, line 51 to column 
88, line 6 and Figures 50A and 51 F-51 H. 
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Regarding claim 11, Ginter meets the claimed language as follows: 
"Apparatus for generating an electronic certificate data structure, the apparatus 
comprising: 

a data handling arrangement for assembling content data specifying an attribute 
delegation from an identified issuer to a certificate subject, and including a condition 
requiring that a particular subject must have a particular attribute in order for the 
delegation to be valid; 

and a signature arrangement for generating an electronic signature of said issuer 
over said content data." see column 85, line 51 to column 88, line 6 and Figures 50A 
and51F-51H. 

In the above quoted sections Ginter teaches a data structure (storage container) 
containing a certificate and conditions of use relating to the content data (see clumn 86, 
lines 15-34). Ginter further provides an example, see column 87, line 53 to column 88, 
line 6, where two publishers form a virtual entity that issue certificates to consumers 
allowing the consumers to perform certain functions. 

Regarding claim 14, Ginter meets the claimed language as follows: 
"Apparatus according to claim 11, wherein the data handling arrangement is arranged to 
cause said certificate subject to be specifically identified in the content data." see 
column 85, line 51 to column 88, line 6 and Figures 50Aand 51F-51H. 

Regarding claim 15, Ginter meets the claimed language as follows: 
"Apparatus according to claim 14, wherein the data handling arrangement is arranged to 
cause said particular subject to be implicitly specified in said content data as said 
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specifically-identified certificate subject." see column 85, line 51 to column 88, line 6 and 
Figures 50A and 51 F-51 H. 

Regarding claim 16, Ginter meets the claimed language as follows: 
"Apparatus according to claim 14, wherein the data handling arrangement is arranged to 
cause said particular subject to be explicitly identified in the content data." see column 
85, line 51 to column 88, line 6 and Figures 50A and 51 F-51 H. 

Regarding claim 17, Ginter meets the claimed language as follows: 
"Apparatus according to claim 11, wherein the data handling arrangement is adapted to 
permit multiple said conditions to be included in the content data in predetermined 
logical relationship." see column 85, line 51 to column 88, line 6 and Figures 50A and 
51 F-51 H. 

Regarding claim 19, Ginter meets the claimed language as follows: 
"A reduction engine for verifying the existence of a trust chain of justified attribute 
delegations that overall imparts a required attribute from a trusted issuer to a target 
subject, said reduction engine comprising: 

a trust-chain verifier for combining justified attribute delegations to form said trust chain, 
at least one said attribute delegation being justified on the basis of a certificate data 
structure that comprises content data bestowing a specified attribute from an identified 
issuer to a certificate subject, and an electronic signature of said issuer over the content 
data; and 

a trust-chain branch control arranged to require the trust-chain verifier to establish a 
branch of said trust chain upon the trust-chain verifier using in the trust chain a said 
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attribute delegation that is justified on the basis of a conditional said certificate data 
structure that includes in its content data a condition requiring that a particular subject 
must have a particular attribute in order for the delegation justified by the certificate to 
be valid, said branch being required to impart said particular attribute to said particular 
subject from said trusted issuer or another trusted issuer." see column 84, line 64 to 
column 85, line 18 and Figures 51E-51H. 

Ginter's secure container imparts an attribute to a target subject (consumer) as 
the certificate is verified within the trust chain. 

Regarding claim 20, Ginter meets the claimed language as follows: 
"A reduction engine according to claim 19, adapted to handle a said conditional 
certificate data structure in which said certificate subject is specifically identified in the 
content data." see column. 84, line 64 to column 85, line 18 and Figures 51E-51H. 

Regarding claim 21, Ginter meets the claimed language as follows: 
"A reduction engine according to claim 20, adapted to handle a said conditional 
certificate data structure in which said particular subject is not separately specified but is 
implicitly said specifically-identified certificate subject." see column 84, line 64 to column 
85, line 18 and Figures 51E-51H. 

Regarding claim 22, Ginter meets the claimed language as follows: 
"A reduction engine according to claim 20, adapted to handle a said conditional 
certificate data structure in which said particular subject is explicitly identified." see 
column 84, line 64 to column 85, line 18 and Figures 51E-51H. 

Regarding claim 23, Ginter meets the claimed language as follows: 
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"A reduction engine according to claim 19, adapted to handle a said conditional 
certificate data structure including multiple said conditions in predetermined logical 
relationship." see column 84, line 64 to column 85, line 18 and Figures 51E-51H. 

Regarding claim 24, Ginter meets the claimed language as follows: 
"A reduction engine according to claim 19, adapted to handle a said conditional 
certificate data structure that has substantially the same form as an SPKI certificate with 
said condition being held in a validity field of the certificate." see column 84, line 64 to 
column 85, line 18 and Figures 51E-51H. 

Regarding claim 25, Ginter meets the claimed language as follows: 
"A trust chain discovery engine for finding a trust chain of justified attribute delegations 
that overall imparts a required attribute from a trusted issuer to a target subject, said 
discovery engine comprising: 

a trust-chain builder for seeking to build up said trust chain using justified attribute 
delegations at least one of which is justified on the basis of a certificate data structure 
that comprises content data bestowing a specified attribute from an identified issuer to a 
certificate subject, and an electronic signature of said issuer over the content data; and 
a trust-chain branch control arranged to require the trust-chain builder to seek to build a 
branch of said trust chain upon the trust-chain builder using in the trust chain a said 
attribute delegation that is justified on the basis of a conditional said certificate data 
structure that includes in its content data a condition requiring that a particular subject 
must have a particular attribute in order for the delegation justified by the certificate to 
be valid, said branch being required to impart said particular attribute to said particular 
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subject from said trusted issuer or another trusted issuer." see column 84, line 64 to 
column 85, line 18 and Figures 51E-51H. 

Ginter's secure container imparts an attribute to a target subject (consumer) as 
the certificate is verified within the trust chain. 

Regarding claim 26, Ginter meets the claimed language as follows: 
"A trust chain discovery engine according to claim 25, adapted to handle a said 
conditional certificate data structure in which said certificate subject is specifically 
identified in the content data." see column 84, line 64 to column 85, line 18 and Figures 
51E-51H. 

Regarding claim 27, Ginter meets the claimed language as follows: 
"A trust chain discovery engine according to claim 26, adapted to handle a said 
conditional certificate data structure in which said particular subject is not separately 
specified but is implicitly said specifically-identified certificate subject." see column 84, 
line 64 to column 85, line 18 and Figures 51E-51H. 

Regarding claim 28, Ginter meets the claimed language as follows: 
"A trust chain discovery engine according to claim 26, adapted to handle a said 
conditional certificate data structure in which said particular subject is explicitly 
identified." see column 84, line 64 to column 85, line 18 and Figures 51E-51H. 

Regarding claim 29, Ginter meets the claimed language as follows: 
"A trust chain discovery engine according to claim 25, adapted to handle a said 
conditional certificate data structure including multiple said conditions in predetermined 
logical relationship." see column 84, line 64 to column 85, line 18 and Figures 51E-51H. 
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Regarding claim 30, Ginter meets the claimed language as follows: 
"A trust chain discovery engine according to claim 25, adapted to handle a said 
conditional certificate data structure that has substantially the same form as an SPKI 
certificate with said condition being held in a validity field of the certificate." see column 
84, line 64 to column 85, line 18 and Figures 51E-51H. 

Allowable Subject Matter 

Claims 10 and 18 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

The following is a statement of reasons for the indication of allowable subject 
matter: 

With respect to claims 10 and 18, the cited prior art fails to specifically teach the 
certificate has substantially the same form as an SPKI certificate data structure with 
said condition or conditions being held in a validity field of the certificate data structure. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew B. Smithers whose telephone number is (571) 
272-3876. The examiner can normally be reached on Monday-Friday (8:00-4:30) EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel L. Moise can be reached on (571) 272-3865. The fax phones 



Application/Control Number: 09/732,948 



Page 12 



Art Unit: 2137 

number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




Matthew B Smithers 
Primary Examiner 
Art Unit 2137 



